To understand why artificial intelligence (AI) is a vital tool in today’s and tomorrow’s cybersecurity kit, we have to understand how the threat landscape is evolving and what threats internet users face on a daily basis.
The evolving threat landscape
The global threat landscape is changing. Internet consumers now face very different threats. On one side, there are massive, largely automated botnets infecting consumer devices. On the other, there are social engineering (or phishing) attacks that try to fool users into giving away their money and data.
According to our researchers, the botnet threat landscape is growing in scale: device adoption data on about 1.7 billion connected devices in North America shows that many Internet of Things (IoT) devices are growing in popularity. Of these, IP cameras and network attached storage (NAS) devices have a particularly worrying threat profile, as malicious actors target them more often than other devices.
At the same time, mobile devices (phones, tablets, and smartwatches) remain the most popular group of devices and face a different threat profile. CUJO AI’s security data shows that close to 60% of all threats to mobile devices are related to unsafe browsing: millions of devices are accessing malware distribution, spam, and spyware sites. Alarmingly, around 20% of mobile browsing threats stem from phishing activities – one of the most difficult threats to counter due to the short-lived nature of phishing websites.
Countering threats with AI today
In the past, security solutions were predominantly reactive: a new malware sample would be found, analysed and added to malware lists by researchers at cybersecurity companies. The industry still uses this approach, but it’s acting more proactively, especially with regard to social engineering threats.
Machine learning or AI algorithms play a key role in this shift. While they are not a one-stop solution for all cybersecurity concerns, they are incredibly useful for rapidly automating decision-making processes and inferring patterns from incomplete or changed data. These algorithms work by first learning from real-world data, such as existing security threats and false positives, as well as the newest threats found by researchers worldwide.
[Figure: Rule-based vs. machine-learning-based methods. Image: CUJO AI]
AI algorithms are pattern-detection machines with a significant edge over legacy list-based security systems. AI enhances and surpasses these systems by detecting novel threats that exhibit suspicious patterns. The learning process to reach this stage of AI proficiency is substantial and only achievable with robust data sources for each threat vector.
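The contrast described above, as an added example that is not CUJO AI's code: a list-based check and a small naive Bayes classifier over hostname tokens, both given the same constructed hostnames. The training data, the token features and all function names are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed hostnames for illustration only (reserved example domains).
PHISHING = [
    "paypa1-login.verify-account.example",
    "secure-update.bank-login.example",
    "account-verify.signin-support.example",
]
BENIGN = ["news.example.org", "shop.example.com", "docs.library.example.net"]

# List-based system: it only knows hosts that were already reported.
BLOCKLIST = set(PHISHING)

def tokens(host):
    """Split a hostname into lowercase tokens on dots and hyphens."""
    return [t for t in re.split(r"[.\-]", host.lower()) if t]

def train(phishing, benign):
    """Count tokens per class for a multinomial naive Bayes model."""
    phish, ok = Counter(), Counter()
    for host in phishing:
        phish.update(tokens(host))
    for host in benign:
        ok.update(tokens(host))
    prior = math.log(len(phishing) / len(benign))
    return phish, ok, set(phish) | set(ok), prior

def log_odds(model, host):
    """Log-odds that host is phishing; tokens never seen in training are skipped."""
    phish, ok, vocab, prior = model
    n_p, n_b, v = sum(phish.values()), sum(ok.values()), len(vocab)
    score = prior
    for t in tokens(host):
        if t in vocab:  # Laplace (+1) smoothing for tokens seen in only one class
            score += math.log(((phish[t] + 1) / (n_p + v)) / ((ok[t] + 1) / (n_b + v)))
    return score

def list_verdict(host):
    return "block" if host in BLOCKLIST else "allow"

def model_verdict(model, host):
    return "block" if log_odds(model, host) > 0 else "allow"

MODEL = train(PHISHING, BENIGN)
NEW_HOST = "login-verify.secure-billing.example"  # constructed, not in the blocklist
if __name__ == "__main__":
    print(list_verdict(NEW_HOST), model_verdict(MODEL, NEW_HOST))
```

The unseen host passes the list check but is blocked by the model because it reuses tokens common to the known phishing hosts. With six training hosts this only demonstrates the mechanism; a usable error rate depends on the volume and quality of the training data.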
Machine learning systems are not magical and can make mistakes. Still, once the algorithms have a sufficiently minuscule margin of error, they become indispensable in online security as the rapid decision-making process reduces user friction and does not negatively impact the user experience. This is key for enhanced cybersecurity at scale and is a welcome side-effect of using AI in cybersecurity. It not only improves security but also covers a large area in the threat landscape.
AI algorithms can prevent some novel threats because of the way threats evolve: security threats, malware and adversarial tactics usually build on previous exploits and malware. Comparatively few truly novel threats appear every year: most malicious actors are not so much developers as users of malware-as-a-service suites or tweakers of existing, leaked malicious code. Our researchers have exposed this in a recent study of the Sysrv botnet’s evolution, where most new strains of the malware were combinations and re-combinations of other existing malicious code.
Since these linearly evolving threats are often capable of avoiding standard anti-malware detection, AI is a useful tool for enhancing global cybersecurity. Simple tweaks are seldom enough to beat these algorithms.
In our own experience, adopting AI algorithms to enhance the protection of tens of millions of homes was a resounding success. We have successfully teamed the best practices from existing cybersecurity solutions with advances in machine learning to produce an extremely low-friction security solution that enables network operators to protect their consumers. At CUJO AI’s scale, AI helps us prevent around 10,000 threats every minute.
Countering threats with AI tomorrow
Perhaps the most exciting and one of the most valuable achievements in AI cybersecurity is the possibility to alert users before they access suspicious websites, including phishing sites. Since social engineering attacks usually result in the most damage and loss of privacy and finances for consumers, using AI to prevent novel attacks before they appear on industry databases is extremely important.
Looking forward, cloud-based AI-driven cybersecurity also has a key feature that goes beyond standard antiviruses and firewalls: it can be deployed on the router to enhance the protection of all devices on a given network. This is extremely important as our data shows that around 50% of all connected devices are not capable of running antivirus software.
The future of consumer cybersecurity is unimaginable without AI, especially when we consider the scale and threat of social engineering and IoT malware.